1. New PCAP storage format for blazing fast retrieval

We’ve changed the PCAP storage format to use fast indexing of disk blocks without impacting write speed. This makes packet retrieval up to 100x faster. The new format will be used automatically after upgrade.

2. Overall massive performance boost

If you are running a very large multi-Gbps network, you will see big gains in performance. Smaller networks (below 1 Gbps) also benefit from lower CPU and memory usage.

3. Connection setup time and retransmission count for every flow

Trisul now tracks the following for each TCP flow.

connection setup time – the time taken from the 1st SYN packet to the 1st packet with payload

retransmissions – number of re-sent packets

This can be exploited by the LUAAPI and TRPAPI to build some very powerful counters such as latency monitors. We have an upcoming blog post on this topic.
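How the two per-flow values defined above can be derived from packet records, as an added example that is not Trisul's code and does not use its APIs. The record layout, the function names and the retransmission heuristic (a SYN or data segment whose sequence number repeats in the same direction) are assumptions.

```python
from collections import defaultdict

# Constructed sample packets:
# (timestamp_s, src, sport, dst, dport, tcp_flags, seq, payload_len)
PACKETS = [
    (0.000, "10.0.0.5", 40000, "192.0.2.10", 443, "S", 1000, 0),
    (0.040, "192.0.2.10", 443, "10.0.0.5", 40000, "SA", 5000, 0),
    (0.041, "10.0.0.5", 40000, "192.0.2.10", 443, "A", 1001, 0),
    (0.055, "10.0.0.5", 40000, "192.0.2.10", 443, "PA", 1001, 200),
    (0.300, "10.0.0.5", 40000, "192.0.2.10", 443, "PA", 1001, 200),  # re-sent
    (0.350, "192.0.2.10", 443, "10.0.0.5", 40000, "PA", 5001, 900),
    (1.000, "10.0.0.7", 40001, "192.0.2.10", 22, "S", 7000, 0),
    (2.000, "10.0.0.7", 40001, "192.0.2.10", 22, "S", 7000, 0),  # SYN retry
]

def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a connection share an entry."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def tcp_flow_metrics(packets):
    """Return {flow_key: {"setup_time": seconds or None, "retransmissions": int}}."""
    flows = defaultdict(lambda: {"first_syn": None, "setup_time": None,
                                 "retransmissions": 0, "seen": set()})
    for ts, src, sport, dst, dport, flags, seq, plen in sorted(packets):
        f = flows[flow_key(src, sport, dst, dport)]
        if "S" in flags and "A" not in flags and f["first_syn"] is None:
            f["first_syn"] = ts
        # Setup time: 1st SYN to 1st packet with payload (the definition above).
        if plen > 0 and f["setup_time"] is None and f["first_syn"] is not None:
            f["setup_time"] = round(ts - f["first_syn"], 6)
        # Assumed heuristic: a repeated (sender, seq) on a SYN or data segment
        # counts as one re-sent packet. Pure ACKs are ignored.
        if plen > 0 or "S" in flags:
            seg = (src, sport, seq)
            if seg in f["seen"]:
                f["retransmissions"] += 1
            f["seen"].add(seg)
    return {k: {"setup_time": v["setup_time"],
                "retransmissions": v["retransmissions"]}
            for k, v in flows.items()}

if __name__ == "__main__":
    for key, metrics in tcp_flow_metrics(PACKETS).items():
        print(key, metrics)
```

The second constructed flow never carries payload, so its setup time stays undefined while the repeated SYN still counts as a retransmission; a latency monitor built on these values has to handle that case.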

4. A new Geo Map for top hosts and countries

By popular demand, Trisul plots top hosts in a given time interval in a Geo Map. When you upgrade Webtrisul, a new Menu called “Geo Map” will be created under the Dashboards menu.

5. Listen to both Netflow and Raw Packets in the same instance

You can now have Trisul process Netflow and raw packets in the same instance, instead of running separate contexts. For example, you may accept Netflow on eth0 and raw packets from eth1 or even eth0. For instructions on how to enable this mode, please read the PCAP and Netflow Setup Howto.

Numerous other fixes

It’s been a while since we had a public release. A whole slew of improvements based on customer feedback have made it into this release.